Hi,
Some of my users are using this function :
set fso=server.createobject("scripting.filesystemobject")
but I've seen that it can read directly in any file, so I just want to
disable the library scripting in IIS but I don't know how.
Thx
HEGMS wrote on Wed, 8 Nov 2006 08:19:01 -0800:
> Hi,
>
> Some of my users are using this function :
>
> set fso=server.createobject("scripting.filesystemobject")
>
> but I've seen that it can read directly in any file, so I just want to
> disable the library scripting in IIS but I don't know how.
> Thx
It can only read any file that the user account IIS is running under has
permission to read. Just remove execute permissions to the scripting runtime
DLL (normally c:\windows\system32\scrrun.dll) for the IIS anonymous user
account, or stop giving full access to the anonymous account to all your
files.
Dan